One important aspect, when it comes to security in devices, is how data stored in memory, is protected.
On the end user TKey, the entire FPGA design together with the firmware ROM is kept in the locked-down configuration memory (NVCM – Non Volatile Configuration Memory) within the FPGA chip. It’s not externally readable and only readable by the FPGA when configuring itself. This means the device secret (UDS) can’t be read, not even with the TKey programming board we provide.
There is no persistent data memory. Meaning that there is no way to store anything (e.g. passwords, keys) on the TKey between uses.
Since the TKey does not have persistent data memory, key material is generated at each use. This also means private keys can’t leak between TKey apps and that there are an unlimited number of key pairs, since they are generated each time.
The TKey hardware offers two memory modes: firmware mode and app mode. The app mode has a constrained view of the memory map where some things are read-only and other things not even readable. The firmware switches to the constrained app mode just before jumping to the loaded device app.
The entire firmware stack is kept in a special firmware stack that is 1) marked as non-executable, 2) only memory mapped while in firmware mode, and, 3) cleared just in case before switching to the constrained app mode.
We provide the memory execution protection to apps as well, so they for example can set up their stack to be non-executable.
The TKey has a hardware-assisted RAM address and RAM content scramble function which the firmware sets up. This means addresses used are placed on random places in RAM and the content in the RAM is also scrambled. This is set up with new random keys from a true random number generator every power cycle and is transparent for the device apps – they see only linear RAM and the ordinary contents.